Hunting ISIS On The Darknet: The FBI’s De facto Collaboration With Anonymous

Now that ISIS is operating on both the surface web and the Darknet, the FBI is concerned about the nature of the group’s Darknet activities and the government’s inability to circumvent them. ISIS is currently using the Darknet to inspire terror attacks around the globe, recruit, boost finances and provide military training. ISIS has also been found to have access to classified US documents, including detailed missile diagrams, diagrams of weak armor points in US vehicles such as M1 Abrams tanks and Bradley Fighting Vehicles, and combat training methods used by coalition forces.

Department of Homeland Security officials are worried about ISIS’ use of encryption, which they say cannot be intercepted by US government agents. Reportedly:

“The FBI is currently pushing for government access to encrypted communications, but top security experts warn that giving government agencies backdoor access would result in a host of unanticipated security problems. FBI Director James Comey argues that without access to encrypted communications, terrorists, pedophiles and other criminals will be able to communicate without law enforcement agencies’ knowledge, which poses major consequences for the security of all Americans. Whitfield Diffie, one of the inventors of modern cryptography, compared giving government agencies encryption keys to unlock people’s private communications to leaving the keys to the doors of one’s home under the doormat.”

Civil liberties groups agree with Diffie, arguing that it would violate users’ 4th Amendment rights. Encryption is a problem for government agents, but there are those on the Darknet who can get around it–which suggests government agents might consider learning how to do this themselves.

Meanwhile, ISIS is beginning to feel at home on the Darknet, safely tucked away from the US government. And, since fundraising is one of ISIS’ priorities, the group has been accepting donations in Bitcoin. But, because Bitcoin management poses some challenges to a terrorist organization, an American supporter of ISIS created a Bitcoin guide. Known as Amreeki (“American”) Witness on Twitter, he posted a Bitcoin guide on a WordPress blog prior to being nabbed by the police. The guide covers, in detail, the potential problems terrorists will typically face in funding their operations.

Bitcoin solves all of them, according to the guide, because it’s anonymous, decentralized and has an extra layer of encryption known as mixing. Hence, transactions are “untrackable,” the author explains. The document can be viewed at this link. There is also a large weapons market on the Darknet.

The US government is nowhere close to being able to counter all that ISIS is plotting on the Darknet. Historically, the government has always struggled to stay on top of the emerging new technologies used by criminals and terrorists on the Internet. Because of that, they are almost always using obsolete technology, which is not designed to withstand new threats and is out of pace with what the people they are pursuing are using.

There are now five domains of warfare: land, water, air, space and cyber. It would be a grave error to ignore the potential deadliness of the latter. As a vehicle for recruitment, it directly impacts the battlefield. It allows terrorists to meet and plot without worrying about being interrupted by a US federal agent.

While ISIS continues to move forward with its nefarious goals, the US government is still trying to decide which government agency should be in charge of a response to a cyber attack and which agency should be responsible for drafting policy on the matter. This issue didn’t just pop up recently—they’ve been “working” on this for the past four years. Granted, it involves 19 different agencies but it’s hardly an insurmountable endeavor.

So, what should the government do about these impending threats? Tor, which ISIS now uses, but which the government has not really mastered yet, is not the only option available. Singapore’s S2T, a company which specializes in Darknet data and identity extraction, has a package specifically designed for governments.

And, S2T is very up front about the relevance of classic human intelligence or HUMINT. Taking an alternate route onto the Darknet, “cyber sock puppets” or false identities are used in addition to social engineering. The combination of the two enables the hunter to penetrate sites on the Darknet. Cyber-HUMINT, used in tandem with other Darknet data searching tools, can achieve much more. It should be noted that on at least one occasion S2T’s analysts used these weapons to crack open an ISIS fundraising site hidden on the Darknet. The site targeted US ISIS sympathizers willing to donate Bitcoins. The company offers many more tools for any government that is serious about unleashing a war on ISIS online. And, there are other companies with similar products, such as the Israeli-based SenseCy, which offers products such as “virtual spies” or “avatars.”

The US government also has the option of collaborating with hackers in order to thwart ISIS’ Internet activities. Calls for the feds to do just that are being heard with more frequency now that the government has openly admitted it is in over its head in trying to fight ISIS online. Detractors are wary of involving individuals “of dubious intent.” But, the same label has also been applied to government agents. What’s more, the two are already working together on threat analysis, though not officially.

In March 2015, an article in Foreign Policy made a case for the US government to not only collaborate with Anonymous, but also pay the hacktivist collective in Bitcoins. Anonymous factions and affiliated hacktivists have a good handle on ISIS operations on the surface web and are in the process of delving deeper into terrorist activity on the Darknet. The Foreign Policy article states:

“Employees in government, the article argues, are best suited for countering attacks of rogue nation-states and “sophisticated non-state actors.” However, for IS, perhaps a better group is better suited to counter the threat.

The U.S. government should look to those unaffiliated, socially minded hackers (“hacktivists”) who have their own reasons to despise the Islamic State. This includes self-declared, underutilized “white hat” hackers, who use their expertise to test and improve the cyber-defenses of companies. It also includes those individuals and hacktivist collectives like Anonymous who have had a traditionally antagonistic relationship with the U.S. government.”

France has also come to the conclusion that it lacks the skills necessary to deal with ISIS online, so it recently announced that it will start to recruit hackers, in order to battle ISIS attackers and recruiters. According to DarkGovernment.Com:

 “‘Their job would be to monitor popular websites, and search and find recruiters before they have had the chance to talk to and try to convert French teenagers.’

According to BatBlue, French Prime Minister Manuel Valls stated that the aim is to prevent the jihadists from turning “the Internet space” into their propriety.”

At least two times in the past, a US federal agency has publicly asked for help from hackers. In 2006, the FBI publicly asked hackers for help in fighting cybercrime. “We need your expertise and input as we develop strategies to battle cybercrime in the 21st century,” FBI official Daniel Larkin said while addressing the annual Black Hat security conference. He confessed that though the government has tried to stay current on possible threats, there are others who likely know about potential threats before federal agents do. “Critical information on terrorism and cybercrimes could be in your hands and might be in your hands before they reach ours,” he said to the group of black hat hackers.

And then again on July 27, 2012, at the DefCon conference in Las Vegas, General Keith Alexander, then-director of the National Security Agency (NSA), came right out and invited the hackers at the conference to work for the spy agency. The stunned hackers were then directed to a job recruitment site which was created specifically for the conference. Alexander unabashedly referred to the hacker audience as “the world’s best cybersecurity community.”

Incidentally, there is a bit of a history of hackers assisting the authorities. For instance, in 2013, a Huffington Post article described how Anonymous helped police track down Chinese hackers. Anonymous is also credited with warning police, in advance, about the Garland, TX attack. Additionally, earlier this year, when the FBI was searching for the Centcom hackers, they were aided by information acquired by Anonymous. And, the hacktivist collective was also instrumental in shutting down a child pornography website, while also helping the police arrest Canadian, Chris Forcand.

For the past few months, the Operation ISIS (#OpISIS) team has been in regular contact with the authorities regarding specific threats found while perusing the Internet for ISIS activity. Some of the activity is done right out in the open on social media, while other activities are carried out in a more covert manner on the Darknet.

A recent incident that occurred a couple of days before the 4th of July weekend was reported to the FBI by Ghost Security, a group loosely affiliated with Anonymous. Ghost Security member @ISHuntingCIub came across a tweet that appeared to be a threat from an ISIS supporter in regard to the 4th of July. The FBI and CIA were notified. Last Thursday, James Comey announced that a number of plots surrounding the July 4th holiday weekend were foiled and suspects who were inspired by ISIS were arrested. Comey credited the leads received and the work of the FBI in averting the plots.

In another incident, involving Tunisia, the hacktivists were able to assist in the arrests of 17 suspects. @DigitaShadow, of Ghost Security, explained in detail how the situation unfolded. While operating undercover on social media, “one of our accounts detected a militant account citing threats against British and Jewish tourists in Djerba, Tunisia.” He said that he and the other operatives took the threat seriously due to the nature of this particular account, the manner in which it was conducting itself and its connection with other high profile ISIS accounts.

And, there was mention of suicide bombings. “We instantly began looking for major events in that area where a suicide bombing would yield the highest amount of casualties. That particular day there was an open market where many tourists visited known as Houmt Souk open market. Next we began searching for other attractions that draw high numbers of British and Jewish tourists to find that at least two churches in the immediate area were holding services which is yet another prime target for causing maximum damage due to the closed quarters of buildings and the high occupancy. All evidence of the plot was collected by us, including social media account names, screenshots, images and detailed maps.” This, too, was communicated to the authorities and a tweet was posted on Twitter.

@DigitaShadow continued: “Since our aim is to stop terrorism threats wherever they are found we have multiple government contacts and intelligence contractors we can relay intel to in order to deploy military and police forces if required. On this instance we contacted the FBI and a United States intelligence firm to respond to the threat.” The total number of arrests made, so far, has increased to 17.

Ghost Security consists largely of ex-military members and individuals with strong backgrounds in computer security. A former Miss Jordan has also joined the ranks of Ghost Security. Lara Abdallat is an accomplished individual with a strong desire to see ISIS defeated. “We won’t stop until our mission is complete,” she is quoted as saying. Ghost Security works closely with CtrlSec and coordinates efforts with several other Anonymous factions.

According to @MikroSec, who represents both GhostSec and CtrlSec, “We have taken offline over 100 websites and suspended over 55,000 Twitter accounts. Some are having to be shut two-three times a day.” He commented that “we are literally stalking” those accounts. “Everybody can do something. You don’t have to pick up a gun to do something to prevent this. Public effort really matters; that’s important.”

#OpISIS is Anonymous’ largest operation to date. It has garnered a lot of support from across the political spectrum, with the majority of its support coming from the right. #OpISIS is a diverse group of individuals from around the world who came together in an attempt to minimize the suffering around the world, inflicted by ISIS.
